371 matches found
Vulnerabilities in Cetera CMS
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities that I found in Cetera eCommerce. Insufficient Anti-automation: http://site/ http://site/account/ These pages have no protection against automated requests (captcha). XSS:...
Vulnerabilities in Cetera CMS
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Cross-Site Scripting vulnerabilities that I found in Cetera CMS. Insufficient Anti-automation: http://site/support/default.php?project=1 There is no protection against automated requests (captcha). XSS:...
Vulnerabilities in TYPO3
Hello 3APA3A! I want to warn you about security vulnerabilities in TYPO3. These are Cross-Site Scripting, Full path disclosure and Redirector vulnerabilities. XSS: http://site/index.php?id=49&sword=223E3Cscript3Ealertdocument.cookie3C/script3E...
Vulnerabilities in WP-Cumulus for WordPress
These are Full path disclosure and Cross-Site Scripting vulnerabilities. Full path disclosure: http://site/wp-content/plugins/wp-cumulus/wp-cumulus.php XSS: http://site/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3 ...
Vulnerabilities in plugins for WordPress
Hello Bugtraq! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to the list earlier. This August I made a summary about all vulnerabilities in plugins for WordPress http://websecurity.com.ua/3397/, which I found during 2006-2009. In...
Vulnerabilities in Abton
Hello 3APA3A! I am informing you about SQL DB Structure Extraction and SQL Injection vulnerabilities that I found in Abton (this is a Ukrainian CMS). SQL DB Structure Extraction: http://site/rus/details/13220/ http://site/rus/referaty/’/ http://site/rus/’/ http://site/rus/referaty/1/-1/ http://site/abton/ SQL...
Vulnerabilities in SimpGB
Hello 3APA3A! I want to warn you about security vulnerabilities in SimpGB. These are Full path disclosure, Insufficient Anti-automation and Cross-Site Scripting vulnerabilities. Full path disclosure: http://site/admin/index.php?lang=1 http://site/admin/pwlost.php?lang=1...
Vulnerabilities in WP-Cumulus for WordPress
Hello 3APA3A! I am informing you about Full path disclosure and Cross-Site Scripting vulnerabilities that I found in the WP-Cumulus plugin for WordPress. Full path disclosure: http://site/wp-content/plugins/wp-cumulus/wp-cumulus.php XSS:...
DoS vulnerability in Internet Explorer
html head titleInternet Explorer DoS Exploit C 2009 MustLive. http://websecurity.com.ua/title script function DoS document.getElementById"dos".click; setTimeoutDoS,1; /script /head body onload="DoS" div align="center"a id="dos" href=""...
Vulnerabilities in Pigalle
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in Pigalle. These are Information Leakage, Full path disclosure and Cross-Site Scripting vulnerabilities. Information Leakage: http://site/index.php Versions of PHP, MySQL and web server are shown in meta-tags in source of a...
DoS vulnerability in Internet Explorer
Hello Bugtraq! I want to warn you about Denial of Service vulnerability in Internet Explorer. Yesterday I already informed Microsoft. This attack I called DoS via homepage. DoS: http://websecurity.com.ua/uploads/2009/IE20DoS20Exploit10.html With this exploit in IE6 the browser blocks, so it's...
Cross-Site Scripting vulnerability in Joostina
Hello 3APA3A! I am informing you about a Cross-Site Scripting vulnerability that I found in Joostina CMS. This vulnerability is similar to the XSS vulnerability that I found in Joomla 1.0.x in 2007. But unlike Joomla, Joostina has no limit on the number of characters in the search string. Which allows...
Insufficient Anti-automation and Abuse of Functionality vulnerabilities in ALFcontact for Joomla
Hello 3APA3A! I am informing you about Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in the ALFcontact component (comalfcontact) for Joomla. Insufficient Anti-automation: http://site/option,comalfcontact/ The contact page has no protection against automated requests...
New vulnerabilities in CMS SiteLogic
Hello 3APA3A! I am informing you about Cross-Site Scripting and Command Execution vulnerabilities that I found in CMS SiteLogic. XSS: http://site/?mid=223E3Cscript3Ealertdocument.cookie3C/script3E Command Execution: Uploading of arbitrary files (shell upload) is possible via the “Banner system” module in...
Cross-Site Scripting vulnerability in eCaptcha
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it at 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0 scriptalertdocument.cookie/script in field...
E107 eCaptcha Cross Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it at 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0 alertdocument.cookie in field: Type Here...
e107 eCaptcha plugin 2.1 xss
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in eCaptcha plugin for E107. I found this hole in July 2008 and disclosed it at 25.09.2008. XSS: POST query at page http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0...
e107 0.7.16 - Referer header Cross-Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via...
E107 Referer Cross Site Scripting
Hello Bugtraq! I want to warn you about Cross-Site Scripting vulnerability in E107. Which I found at 31.01.2009 and disclosed recently. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash...
Cross-Site Scripting vulnerability in E107
Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in E107. XSS: At page for sending news to email http://site/email.php?news.1 it's possible to conduct XSS attack via Referer header. Particularly it can be done via flash. Referer: 'scriptalertdocument.cookie/script...